fix: Normalize location path to avoid multiple forward slashes

dav-pascual · dav-pascual · commit beaff1878758 · 2023-03-06T22:35:24.000+01:00
Fixes: #88
diff --git a/common/etc/nginx/templates/default.conf.template b/common/etc/nginx/templates/default.conf.template
@@ -30,6 +30,13 @@ server {
     # information that could be used to find an exploit.
     server_tokens off;
 
+    # Normalize location path. Remove instances of double/multipe forward slashes.
+    # Disabling merge_slashes is necessary for this feature to work.
+    # Disabling port redirection to avoid broken URLs in bridged hosts
+    port_in_redirect off;
+    merge_slashes off;
+    rewrite (.*?)//+(.*) $1/$2 redirect;
+
     # Uncomment this for a HTTP header that will let you know the cache status
     # of an object.
     # add_header X-Cache-Status $upstream_cache_status;
diff --git a/test/integration/test_api.sh b/test/integration/test_api.sh
@@ -153,7 +153,7 @@ assertHttpRequestEquals "HEAD" "a.txt?some=param&that=should&be=stripped#aaah" "
 assertHttpRequestEquals "HEAD" "b/c/d.txt" "200"
 assertHttpRequestEquals "HEAD" "b/c/../e.txt" "200"
 assertHttpRequestEquals "HEAD" "b/e.txt" "200"
-assertHttpRequestEquals "HEAD" "b//e.txt" "200"
+assertHttpRequestEquals "HEAD" "b//e.txt" "302"
 assertHttpRequestEquals "HEAD" "a/abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.txt" "200"
 
 # We try to request URLs that are properly encoded as well as URLs that
